From: Todd C. Miller Date: Tue, 10 Mar 2009 21:08:18 +0000 (+0000) Subject: Document netsvc.conf support X-Git-Tag: SUDO_1_7_1~22 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f50deedc3b6d38dd125ddc17aa8ad471ffab7c04;p=sudo Document netsvc.conf support --- diff --git a/sudoers.ldap.pod b/sudoers.ldap.pod index bcbf52169..ef00f1056 100644 --- a/sudoers.ldap.pod +++ b/sudoers.ldap.pod @@ -487,6 +487,36 @@ sudoers line, the following default is assumed: Note that F<@nsswitch_conf@> is supported even when the underlying operating system does not use an nsswitch.conf file. +=head2 Configuring netsvc.conf + +On AIX systems, the F<@netsvc_conf@> file is consulted instead of +F<@nsswitch_conf@>. B simply treats I as a +variant of I; information in the previous section +unrelated to the file format itself still applies. + +To consult LDAP first followed by the local sudoers file (if it +exists), use: + + sudoers = ldap, files + +The local I file can be ignored completely by using: + + sudoers = ldap + +To treat LDAP as authoratative and only use the local sudoers file +if the user is not present in LDAP, use: + + sudoers = ldap = auth, files + +Note that in the above example, the C qualfier only affects +user lookups; both LDAP and I will be queried for C +entries. + +If the F<@netsvc_conf@> file is not present or there is no +sudoers line, the following default is assumed: + + sudoers = files + =head1 FILES =over 24 @@ -499,6 +529,10 @@ LDAP configuration file determines sudoers source order +=item F<@netsvc_conf@> + +determines sudoers source order on AIX + =back =head1 EXAMPLES @@ -658,11 +692,6 @@ C line in C and restart B. sudoRunAsGroup $ sudoOption $ description ) ) -=for comment - -Add nsswitch.conf example? -Add more exhaustive sudoers ldif example? - =head1 SEE ALSO L, L